norden.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Moin! This is the Mastodon instance for northerners, chatterboxes and everything in between. Follow the lighthouse.

#authorization

Anthony Kraudelt<p>My 12-year-old son is creating an online game and asked "why do users have to login to be on the game's leaderboard." This prompted a discussion about how authentication and authorization are often confused and how they play distinct yet complementary roles in protecting each player's game scores for his website. I explained the two as follows:</p><p>Authentication (AuthN) asks the question "Are you who you say you are?" It verifies an identity using credentials like passwords, biometrics, or MFA.</p><p>Authorization (AuthZ) asks "What are you allowed to do?" It determines what actions, or resources, you have access to after authentication.</p><p>You authenticate first (prove your identity), then get authorized (granted permissions). Without both, security is incomplete. The two concepts work in concert to prevent unauthorized system access or data tampering. </p><p>I know that probably wasn't the coolest conversation between a father and son, but his gaming site now has a user login page. :)</p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authorization</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZeroTrust</span></a></p>
Andrea ... ist sprachlos 🌼<p>Now the <a href="https://nrw.social/tags/Tolino" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tolino</span></a>, or rather the Adobe Digital Edition, has started acting up too.</p><p>I borrowed a book at noon today, and every time I tried to push it to the Tolino, this crap software crashed. Properly. With a crash report and everything.</p><p>So I searched the internet a bit and found out that either Tolino or ADE can't manage to make the eReader's authorization permanent.</p><p>So it was "de-authorized".</p><p>1/2</p><p><a href="https://nrw.social/tags/AdobeID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AdobeID</span></a> <a href="https://nrw.social/tags/OverDrive" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OverDrive</span></a> <a href="https://nrw.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authorization</span></a> <a href="https://nrw.social/tags/eBookReader" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eBookReader</span></a></p>
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕<p>Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts</p><p>A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake "Security Alert" issues, tricking developers into authorizing a malicious OAuth app that grants attackers full control over their accounts and code.</p><p>😒 <a href="https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/</span></a></p><p><a href="https://chaos.social/tags/github" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>github</span></a> <a href="https://chaos.social/tags/oauth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oauth</span></a> <a href="https://chaos.social/tags/account" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>account</span></a> <a href="https://chaos.social/tags/hijack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hijack</span></a> <a href="https://chaos.social/tags/Facke" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Facke</span></a> <a href="https://chaos.social/tags/securityalert" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityalert</span></a> <a href="https://chaos.social/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a> <a href="https://chaos.social/tags/FullControl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FullControl</span></a></p>
Europe Says<p><a href="https://www.europesays.com/1905498/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/1905498/</span><span class="invisible"></span></a> Brookfield Wealth Solutions Subsidiary Receives Authorization in the United Kingdom <a href="https://pubeurope.com/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authorization</span></a> <a href="https://pubeurope.com/tags/brookfield" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>brookfield</span></a> <a href="https://pubeurope.com/tags/GreatBritain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GreatBritain</span></a> <a href="https://pubeurope.com/tags/in" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>in</span></a> <a href="https://pubeurope.com/tags/kingdom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kingdom</span></a> <a href="https://pubeurope.com/tags/receives" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>receives</span></a> <a href="https://pubeurope.com/tags/solutions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>solutions</span></a> <a href="https://pubeurope.com/tags/subsidiary" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>subsidiary</span></a> <a href="https://pubeurope.com/tags/the" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>the</span></a> <a href="https://pubeurope.com/tags/United" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>United</span></a> <a href="https://pubeurope.com/tags/UnitedKingdom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnitedKingdom</span></a> <a 
href="https://pubeurope.com/tags/wealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wealth</span></a></p>
Joshua P. Steele<p>Is anyone out there familiar enough with the Google Zanzibar-inspired authorization space to help me figure out how OpenFGA, SpiceDB, and Permify compare with one another? They all seem quite similar, and I’m struggling to rank them objectively. <a href="https://social.lol/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a> <a href="https://social.lol/tags/zanzibar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zanzibar</span></a> <a href="https://social.lol/tags/openfga" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openfga</span></a> <a href="https://social.lol/tags/permify" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>permify</span></a> <a href="https://social.lol/tags/spicedb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spicedb</span></a></p>
Dan 🌈<p>👋 Very stoked to announce that I will be speaking at <a href="https://hachyderm.io/tags/OWASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASP</span></a> <a href="https://hachyderm.io/tags/Snowfroc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Snowfroc</span></a> this Friday at 11:00 in the Great Hall. The talk is entitled "Patterns of failure in modern <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a>" and it's mostly about why <a href="https://hachyderm.io/tags/authz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authz</span></a> is getting harder (instead of easier). I'll be citing some academic research but also looking at some interesting examples of authz failure at some fairly large, well-known brands. Hope to see you there! 🎤</p><p>p.s. I've never been to <a href="https://hachyderm.io/tags/Denver" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Denver</span></a> so looking forward to checking the city out a bit too. If you have suggestions for things to do (read: eat), let me know! 😄</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GossiTheDog</span></a></span> the sheer fact that <a href="https://infosec.space/tags/MSPs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MSPs</span></a> &amp; <a href="https://infosec.space/tags/CSPs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CSPs</span></a> can access clients' setups without proper <a href="https://infosec.space/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a> [including <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KYC</span></a> / <a href="https://infosec.space/tags/KYB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KYB</span></a>, <a href="https://infosec.space/tags/AuthCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AuthCode</span></a>|s and proper authorization via contract] is already sickening.</p><ul><li><a href="https://cyberplace.social/@GossiTheDog/114104955818018205" rel="nofollow noopener noreferrer" target="_blank">This</a> literally <em>begs to be abused</em> via <a href="https://infosec.space/tags/SocialEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SocialEngineering</span></a> / <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SocialHacking</span></a> of <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> personnel or just blatant <em>"<a href="https://infosec.space/tags/PrivilegueEscalation" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>PrivilegueEscalation</span></a>"</em> through falsely claiming to be a <a href="https://infosec.space/tags/MSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MSP</span></a> / <a href="https://infosec.space/tags/CSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CSP</span></a> contracted by the targeted company.</li></ul><p>Such fundamental <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> fuckups are reasons alone not to use <a href="https://infosec.space/tags/Azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Azure</span></a> or any <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> products &amp; services <em>at all</em>...</p><ul><li>I mean, it doesn't require <a href="https://infosec.space/tags/Mitnick" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mitnick</span></a>-level skills to pull this off, since it doesn't necessitate <a href="https://infosec.space/tags/Lapsus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lapsus</span></a>-Style <a href="https://infosec.space/tags/SIMswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SIMswap</span></a> or other means to gain access...</li></ul>
Schneier on Security RSS<p>Device Code Phishing</p><p>This isn’t new, but it’s increasingly popular:<br>The technique is known as devic... <a href="https://www.schneier.com/blog/archives/2025/02/device-code-phishing.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">schneier.com/blog/archives/202</span><span class="invisible">5/02/device-code-phishing.html</span></a></p><p> <a href="https://burn.capital/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Uncategorized</span></a> <a href="https://burn.capital/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a> <a href="https://burn.capital/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://burn.capital/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a></p>
Inautilo<p><a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Development</span></a> <a href="https://mastodon.social/tags/Explainers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Explainers</span></a><br>What’s OAuth2 anyway? · How the most popular authorization framework works <a href="https://ilo.im/1623dq" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ilo.im/1623dq</span><span class="invisible"></span></a></p><p>_____<br><a href="https://mastodon.social/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authorization</span></a> <a href="https://mastodon.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://mastodon.social/tags/Credentials" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Credentials</span></a> <a href="https://mastodon.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a> <a href="https://mastodon.social/tags/OAuth2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth2</span></a> <a href="https://mastodon.social/tags/ClientServer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClientServer</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDev</span></a> <a href="https://mastodon.social/tags/Frontend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Frontend</span></a> <a 
href="https://mastodon.social/tags/Backend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backend</span></a></p>
Bill<p>Wow, dumpster fire much, WordPress? They can't BUY some good news. In case we forgot with all of the other drama, the plugin ecosystem is a trash heap too.</p><p><a href="https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wordfence.com/threat-intel/vul</span><span class="invisible">nerabilities/wordpress-plugins/w3-total-cache/w3-total-cache-281-authenticated-subscriber-missing-authorization-to-server-side-request-forgery</span></a></p><p><a href="https://infosec.exchange/tags/wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wordpress</span></a> <a href="https://infosec.exchange/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a></p>
Silke Meyer<p>Access Control in Keycloak without LDAP groups: Want to restrict access to a connected service in Keycloak, but don't have an LDAP group to use as a filter? In this example, I'll show you how to assign a predefined role to specific user accounts to control access. While the use case is quite specific, this approach illustrates how you can leverage roles in Keycloak for flexible access management.</p><p><a href="https://help.univention.com/t/how-to-restrict-access-to-a-keycloak-client-to-self-registered-user-accounts/23629" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">help.univention.com/t/how-to-r</span><span class="invisible">estrict-access-to-a-keycloak-client-to-self-registered-user-accounts/23629</span></a></p><p><a href="https://univention.social/tags/keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keycloak</span></a> <a href="https://univention.social/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a> <a href="https://univention.social/tags/singlesignon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>singlesignon</span></a> <a href="https://univention.social/tags/nubus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nubus</span></a> <span class="h-card" translate="no"><a href="https://univention.social/@univention" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>univention</span></a></span> <a href="https://univention.social/tags/iam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iam</span></a> <a href="https://univention.social/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a></p>
Kingsley Uyi Idehen<p><span class="h-card" translate="no"><a href="https://mastodon.social/@openlink" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>openlink</span></a></span>, </p><p>Yep!</p><p>Creating user-controlled profile documents that streamline the decoupling of <a href="https://mastodon.social/tags/identity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identity</span></a>, <a href="https://mastodon.social/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a>, <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a>, <a href="https://mastodon.social/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a>, and <a href="https://mastodon.social/tags/dataspaces" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataspaces</span></a> (databases, knowledge graphs, and other document collections).</p><p>Crucial in the age of <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a>!</p><p><a href="https://mastodon.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://mastodon.social/tags/GenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GenAI</span></a> <a href="https://mastodon.social/tags/YouID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YouID</span></a> <a href="https://mastodon.social/tags/NetID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetID</span></a> <a href="https://mastodon.social/tags/RWW" class="mention hashtag" rel="nofollow 
noopener noreferrer" target="_blank">#<span>RWW</span></a></p>
Kingsley Uyi Idehen<p>Creating user-controlled profile documents that streamline the decoupling of <a href="https://mastodon.social/tags/identity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identity</span></a>, <a href="https://mastodon.social/tags/identification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identification</span></a>, <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a>, <a href="https://mastodon.social/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a>, and <a href="https://mastodon.social/tags/dataspaces" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataspaces</span></a> (databases, knowledge graphs, and other document collections).</p><p>Crucial in the age of <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a>!</p><p><a href="https://mastodon.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://mastodon.social/tags/GenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GenAI</span></a> <a href="https://mastodon.social/tags/YouID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YouID</span></a> <a href="https://mastodon.social/tags/NetID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetID</span></a> <a href="https://mastodon.social/tags/RWW" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RWW</span></a></p>
CRAFT-OA<p>2nd day of the CRAFT-OA <a href="https://mastodon.online/tags/TechEvent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechEvent</span></a> is starting and tackling topics such as the <a href="https://mastodon.online/tags/indexation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>indexation</span></a>, <a href="https://mastodon.online/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a>, <a href="https://mastodon.online/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a>, <a href="https://mastodon.online/tags/ojs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ojs</span></a> and the <a href="https://mastodon.online/tags/Livinghandbook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Livinghandbook</span></a>.</p><p>Want to learn more? Visit <a href="https://www.craft-oa.eu/results/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">craft-oa.eu/results/</span><span class="invisible"></span></a> to get more details about what CRAFT-OA is working on.</p><p><a href="https://mastodon.online/tags/DiamondOA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DiamondOA</span></a></p>
Anders Eknert<p>Keynote panel on <a href="https://hachyderm.io/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>API</span></a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a>, this morning at the <a href="https://hachyderm.io/tags/NordicAPIs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NordicAPIs</span></a> platform summit in Stockholm. Turned into a great conversation!</p>
Manyfold<p>This week we're working on a Zanzibar/ReBAC style permission system, but because apparently we don't do *anything* without giving it away for free, it's extracted as a separate Rails gem called Caber*: <a href="https://github.com/manyfold3d/caber" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/manyfold3d/caber</span><span class="invisible"></span></a></p><p><a href="https://3dp.chat/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://3dp.chat/tags/Rails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rails</span></a> <a href="https://3dp.chat/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authorization</span></a></p><p>* `"ReBAC".downcase.reverse`</p>
Jens Bannmann<p><a href="https://nerdculture.de/tags/Authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authorization</span></a> and <a href="https://nerdculture.de/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> - did you ever struggle to remember reliably which is which? Or could not explain it to non-developers?</p><p>A while ago, I came up with a useful way to remember them reliably. I'm now posting it here for reference by future me or potentially others:</p><p>Authe*N*tication is about the *N*ame: I'm sure who you are</p><p>Autho*R*ization is about the *R*ights: I know what access rights you have</p><p>Why the distinction, and why does one usually need both? Read on.</p><p>🧵 1/3</p>
AhaAchja<p><span class="h-card" translate="no"><a href="https://mastodon.social/@randahl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>randahl</span></a></span> ⚡ <a href="https://social.anoxinon.de/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://social.anoxinon.de/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukraine</span></a> ⚡ 🇺🇸 🇪🇺 🇺🇦 <br>US President Joe <a href="https://social.anoxinon.de/tags/Biden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Biden</span></a> has today (not publicly, “secretly”) given <a href="https://social.anoxinon.de/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a> for <a href="https://social.anoxinon.de/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukraine</span></a> to deploy American <a href="https://social.anoxinon.de/tags/weapons" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>weapons</span></a> systems in the <a href="https://social.anoxinon.de/tags/area" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>area</span></a> / <a href="https://social.anoxinon.de/tags/Kharkiv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kharkiv</span></a> region may also deploy on Russian territory. 💚</p>
Mark Daniels-Wr. 🟢<p>Am trying to get <a href="https://mstdn.social/tags/Tootle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tootle</span></a> on Deb/GNU to link up with my mstdn.social account (this one) and am sort of stuck at the <a href="https://mstdn.social/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a> stage as no email or 2fa type authorization message has appeared?? Any ideas?</p>
Anders Eknert<p>The <a href="https://hachyderm.io/tags/KubeCon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KubeCon</span></a> / <a href="https://hachyderm.io/tags/BackstageCon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BackstageCon</span></a> talk where <span class="h-card" translate="no"><a href="https://hachyderm.io/@parcifal" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>parcifal</span></a></span> was kind enough to invite me to co-present on <a href="https://hachyderm.io/tags/OPA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OPA</span></a> for <a href="https://hachyderm.io/tags/Backstage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backstage</span></a> <a href="https://hachyderm.io/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a> is now on YouTube. If you're into any of those topics — and why wouldn't you be — do check it out!</p><p><a href="https://www.youtube.com/watch?v=N0n_czYo_kE" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=N0n_czYo_k</span><span class="invisible">E</span></a></p>